CVE List – Find High-Risk & Exploited Vulnerabilities

Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.

Assigner (CNA / source):[email protected] Remove this filter

Showing 120 of 33 results
«« First « Prev Page 1 / 2 Next »
CVE Description Max CVSS EPSS % Published Updated
CVE-2026-2701 Authenticated user can upload a malicious file to the server and execute it, which leads to remote code execution. 9.1 48.81% 2026-04-02 2026-06-17
CVE-2025-8095 The OECH1 prefix encoding is intended to obfuscate values across the OpenEdge platform.  It has been identified as cryptographically weak and unsuitable for stored encodings and enterprise applications.  OECH1 encodings should be considered exploitable and immediately replaced by any other supported prefix encoding, all of which are based on symmetric encryption. 9.1 0.22% 2026-04-14 2026-06-17
CVE-2024-8015 In Progress Telerik Report Server versions prior to 2024 Q3 (10.2.24.924), a remote code execution attack is possible through object injection via an insecure type resolution vulnerability. 9.1 0.82% 2024-10-09 2026-06-17
CVE-2024-5806 Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to Authentication Bypass.This issue affects MOVEit Transfer: from 2023.0.0 before 2023.0.11, from 2023.1.0 before 2023.1.6, from 2024.0.0 before 2024.0.2. 9.1 75.81% 2024-06-25 2026-06-17
CVE-2024-5805 Improper Authentication vulnerability in Progress MOVEit Gateway (SFTP modules) allows Authentication Bypass.This issue affects MOVEit Gateway: 2024.0.0. 9.1 7.55% 2024-06-25 2026-06-17
CVE-2023-42659 In WS_FTP Server versions prior to 8.7.6 and 8.8.4, an unrestricted file upload flaw has been identified. An authenticated Ad Hoc Transfer user has the ability to craft an API call which allows them to upload a file to a specified location on the underlying operating system hosting the WS_FTP Server application. 9.1 0.90% 2023-11-07 2026-06-17
CVE-2023-40051 This issue affects Progress Application Server (PAS) for OpenEdge in versions 11.7 prior to 11.7.18, 12.2 prior to 12.2.13, and innovation releases prior to 12.8.0. An attacker can formulate a request for a WEB transport that allows unintended file uploads to a server directory path on the system running PASOE. If the upload contains a payload that can further exploit the server or its network, the launch of a larger scale attack may be possible. 9.1 0.56% 2024-01-18 2026-06-17
CVE-2024-12106 In WhatsUp Gold versions released before 2024.0.2, an unauthenticated attacker can configure LDAP settings. 9.4 9.44% 2024-12-31 2026-06-17
CVE-2026-8037 OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an un-authenticated attacker to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in multiple command endpoints 9.6 43.43% 2026-06-04 2026-07-13
CVE-2024-12108 In WhatsUp Gold versions released before 2024.0.2, an attacker can gain access to the WhatsUp Gold server via the public API. 9.6 6.80% 2024-12-31 2026-06-17
CVE-2026-7198 CWE-284: Improper Access Control in web services in Progress Sitefinity 15.4.8623 before 15.4.8630 allows a remote unauthenticated attacker to access content that should be restricted, resulting in full compromise of confidentiality, integrity, and availability of affected installations. 9.8 0.37% 2026-06-02 2026-06-17
CVE-2026-4670 Authentication bypass by primary weakness vulnerability in Progress Software MOVEit Automation allows Authentication Bypass. This issue affects MOVEit Automation: from 2025.0.0 before 2025.0.9, from 2024.0.0 before 2024.1.8, versions prior to 2024.0.0. 9.8 5.63% 2026-04-30 2026-06-17
CVE-2026-2699 Customer Managed ShareFile Storage Zones Controller (SZC) allows an unauthenticated attacker to access restricted configuration pages. This leads to changing system configuration and potential remote code execution. 9.8 49.42% 2026-04-02 2026-06-17
CVE-2025-8868 In Progress Chef Automate, versions earlier than 4.13.295, on Linux x86 platform, an authenticated attacker can gain access to Chef Automate restricted functionality in the compliance service via improperly neutralized inputs used in an SQL command using a well-known token. 9.8 22.83% 2025-09-29 2026-06-17
CVE-2024-8785 In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage NmAPI.exe to create or change an existing registry value in registry path HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Ipswitch\. 9.8 9.74% 2024-12-02 2026-06-17
CVE-2024-7763 In WhatsUp Gold versions released before 2024.0.0,  an Authentication Bypass issue exists which allows an attacker to obtain encrypted user credentials. 9.8 0.62% 2024-10-24 2026-06-17
CVE-2024-6671 In WhatsUp Gold versions released before 2024.0.0, if the application is configured with only a single user, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password. 9.8 14.89% 2024-08-29 2026-06-17
CVE-2024-6670 KEV In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password. 9.8 94.66% 2024-08-29 2026-06-17
CVE-2024-4885 KEV In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold.  The WhatsUp.ExportUtilities.Export.GetFileWithoutZip allows execution of commands with iisapppool\nmconsole privileges. 9.8 99.29% 2024-06-25 2026-06-17
CVE-2024-4884 In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold.  The Apm.UI.Areas.APM.Controllers.CommunityController allows execution of commands with iisapppool\nmconsole privileges. 9.8 24.31% 2024-06-25 2026-06-17
«« First « Prev Page 1 / 2 Next »
cvelogic Threat Intelligence